[722] in linux-security and linux-alert archive
[linux-security] Inetd problem -followup
daemon@ATHENA.MIT.EDU (Chris Farris)
Sat May 11 12:31:20 1996
From: Chris Farris <cfarris@iss.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 10 May 1996 15:51:48 -0400 (EDT)
Reply-To: cfarris@iss.net
Forwarded message:
> Chris Farris wrote:
> >
> > If you send these services the "SYN" packet and then reset the connection
> > before the connection is open, it will cause inetd to die completely.
>
> Does anyone know whether xinetd is vulnerable to the same sort of attacks?
> > If not, it should be considered as a more secure inetd replacement.
> Unfortunately the configurations files are slightly different.
Our stealth scan code does _not_ break xinetd. I still would be
careful about having unused services present. As Alan Cox mentioned,
chargen/echo could be spoofed into a nasty "network food fight".
Apologies for not posting versions before. The affected kernels I tested
this against were 1.3.64, 1.3.99, 1.2.13, and 1.2.1.
The version of inetd is, the version(s) included with slackware 2.2 and
3.0.
Question: Would you, recommend for/against running sendmail from
xinetd? The example xinetd.conf file had an entry for sendmail, but my
belief always was sendmail had a large startup cost, so it was better to
always keep it running. And how would sendmail know how to process the
queue after a specified interval?
Thanks
Chris
--
Chris Farris | Voice: (404)252-7270
Internet Security Systems, Inc. | Fax: (404)252-2427
Ste. 115, 5871 Glenridge Dr, | www: http://www.iss.net/
Atlanta, GA 30328 | Email: cfarris@iss.net
1st rule of computer security: What You Don't See Is What Gets You
